Late last year we reported on the ever-increasing number of malicious applications appearing on the Google Play application store. Google removed 13 applications which appeared in the store as games but were able to execute unauthorised commands and code that was difficult to remove.
The games contained malware similar to that included in two other malicious apps, both called Brain Test, which were removed by Google in September 2015. Each instance of the app was downloaded up to 500,000 times from the store, and between 200,000 and 1 million Android users were affected by the malware. The end goal of the application was to download other applications without the user knowing, copying the behaviour of its computer counterpart.
Lookout have identified that the malware has become increasingly sinister in its structure and capabilities: it is no longer a little bit of fun for the malware developer. Just as on your personal computer, a restore or factory reset is not always enough. Malware on mobile phones has the ability to mimic a rootkit on a normal computer. Re-flashing a ROM from the device manufacturer is mentioned as the only option.
Lookout found 13 Brain Test samples in total, written by the same developers. They were the ones who contacted Google, who promptly removed these 13 apps from the Google Play Store. Other titles by the same developer included Jump Planet, Crazy Jelly and Cake Tower, which had the highest ratings and numerous downloads. The developer was able to upload these “games” to the market undetected until Cake Tower received an update in December 2015 which activated the sleeping malware. The update turned on functionality similar to the initial versions of Brain Test and included a new command and control (C2) server, which was the smoking gun that let Lookout tie the apps together.
“What differentiates this particular situation, though, is the delivery mechanism: where PC malware is typically served through misleading advertisements or drive-by-downloads, this malware made it onto a mainstream app store, and in some cases, obtained over 500,000 downloads and an average 4.5 rating before removal,” said Lookout.
“While it’s definitely true that users are considerably safer when downloading only from a mainstream source like the Google Play Store, we recommend users remain cautious and use additional security software to ensure the safety of their device.”
The advice from Coolsmartphone: be careful with your handsets, just as you would with your home PC. Malware is a serious threat and is not going away. Use applications like Lookout, and check out Nowsecure to see how secure your device really is.